Security Solutions
3-123
Designing Access Controls
Finalize Security Policies
1. Does your organization require anti-virus software?
In Table 3-96, fill in the anti-virus software solutions that meet your
requirements. The NAC 800 allows you to choose multiple solutions; as
long as an endpoint has one, it passes the test.
2. Does your organization require anti-spyware?
Fill in the solutions that meet your requirements.
3. Does your organization require personal firewalls?
Fill in the solutions that meet your requirements in the “Personal fire-
walls” cell (for vendor and Windows firewalls). If you require the Mac
firewall on Mac endpoints, check the “Mac firewall” cell.
Table 3-96. Tests for Medium Endpoint Integrity
More Rigorous Tests for Endpoint Integrity. You might want to test end-
points in particularly high security zones more rigorously. These tests might:
■ Verify that endpoints are protected from less-common but real threats
such as attacks activated through macros
■ Minimize risky or undesirable applications and behavior
■ Check that not just the endpoints’ OS but also various applications are
patched
■ Verify that endpoints remain patched
Some of these tests might scan not only for insecure settings and applications,
but also for settings and applications that—for whatever reason—are unde-
sirable (or, conversely, desirable) in your network. For example, you might
want to prohibit an application that has caused trouble in your network. Or a
department head might want all users working on a particular project to have
a particular application necessary for that project.
These tests in this section might start to interfere with the way those who
connect to the network can use the network. Hopefully, users will begin to
employ their network access in safer and more productive ways. However,
you do not want to hinder legitimate use; as recommended in Chapter 2:
Anti-Virus Anti-Spyware Personal Firewalls Mac Firewall
Solutions that meet
requirements